I have combine data from 20 minutes before the most recent data.
But is long ...

sourcetype=counter|eval key=_time.counter|rename value as base_value|table key,_time,counter,base_value|join key[search sourcetype=counter|eval key=round(relative_time(_time,"-20m@m")).counter|rename _time as ago_time,value as ago_value|table key,ago_time,counter,ago_value]|eval period=strftime(_time,"%Y/%m/%d %H:%M-").strftime(ago_time,"%H:%M")|eval difference=abs(base_value-ago_value)|table period,counter,difference|where difference<1000

(result)

I think you can try below command :
sourcetype=counter | bucket _time span=20m | stats min(counter_value) as min_cv max(counter_value) as max_cv by counter, _time | eval diff = max_cv- min_cv | search diff<1000

by the way, if your time span is 20 minutes , the answer should be counter 1 between 3:00:00pm to 3:19:59pm ( not 3:20:00pm) value=100 , 3:20:00 is the beginning of next 20 minutes , right ?

For example
- 9/10/13 3:00 PM - counter 1, counter value 13240
- 9/10/13 3:00 PM - counter 2, counter value 12700
- 9/10/13 3:10 PM - counter 1, counter value 13340
- 9/10/13 3:10 PM - counter 2, counter value 13800
- 9/10/13 3:20 PM - counter 1, counter value 13430
- 9/10/13 3:20 PM - counter 2, counter value 14850
- 9/10/13 3:30 PM - counter 1, counter value 15200
- 9/10/13 3:30 PM - counter 2, counter value 16200

In the span of 20 minutes between 3:00 PM to 3:30 PM which counter has counter value changes less than 1000. Answer is counter 1 bet 3:00 PM to 3:20 PM, value 190

Can you provide some sample events or context?